PT-2013-1885 · Openssl+2

Jan Lieskovsky · Published 2013-02-24 · Updated 2023-02-13 · CVE-2012-6093

CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions
Qt versions prior to 4.6.5
Qt versions 4.7.x prior to 4.7.6
Qt versions 4.8.x prior to 4.8.5

Description
The issue arises from the QSslSocket::sslErrors function, which, when used with certain versions of OpenSSL, may read memory from an incorrect location due to an incompatible structure layout. This can lead to Qt reporting an incorrect error when certificate validation fails, potentially causing users to make unsafe security decisions and accept an invalid certificate.

Recommendations
For Qt versions prior to 4.6.5, update to version 4.6.5 or later.
For Qt versions 4.7.x prior to 4.7.6, update to version 4.7.6 or later.
For Qt versions 4.8.x prior to 4.8.5, update to version 4.8.5 or later.

Related Identifiers

CVE-2012-6093

Affected Products

Qt
Suse
Openssl